4. The method defined in Claim 3 wherein checking memory associated with the 
station to see if the first and second interfaces belong to the station comprises searching the 
locations in the table to determine if media access control (MAC) addresses of the first and 
second interfaces are listed as belonging to the station. 

5. The method defined in Claim 1 further comprising enforcing a security policy 
in response to determining that the station is attempting to connect to the network over a 
second interface other than the first interface. 

6. The method defined in Claim 5 wherein the security policy does not permit 
connection to the network through multiple interfaces of the same station, and wherein 
enforcing the security policy comprises denying the second connection to the network. 

7. The method defined in Claim 6 wherein denying the second connection 
comprises disabling a MAC address associated with the second interface. 

8. The method defined in Claim 5 wherein the security policy does not permit 
connection to the network through multiple interfaces of the same station, and wherein 
enforcing the security policy comprises disabling the first connection to the network. 

9. The method defined in Claim 8 wherein disabling the first connection 
comprises removing a MAC address associated with the first interface from a list of active 
stations. 



Atty Docket No.: 05878.P012X 



53 



Patent Application 



10. The method defined in Claim 5 wherein the security policy does not permit 
connection to the network through multiple interfaces of the same station, and wherein 
enforcing the security policy comprises denying the first and second connections to the 
network. 

1 1. The method defined in Claim 10 wherein denying the first connection 
comprises removing a MAC address associated with the first interface from a list of active 
stations and disabling its corresponding entry in the access control list, and further wherein 
denying the second connection comprises disabling a second MAC address associated with 
the second interface from becoming listed in a list of active stations. 

12. The method defined in Claim 5 wherein the security policy allows access to the 
network by the station over multiple interfaces. 

13. A method comprising: 

reconciling a plurality of interfaces corresponding to a single station when the station 
has access to a network resource through a first of the plurality of interfaces and is attempting 
to gain access to the network resource through a second of the plurality of interfaces; and 

enforcing a security policy with respect to the single station in response to the single 
station attempting to have a plurality of interfaces by which to access the network resource. 
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14. A switch for providing access to a network for one or more stations, the switch 
comprising: 

a plurality of ports; 

a controller coupled to the ports to allow a station to have a first connection to a 
network over a first interface and to determine that the station is attempting to have a second 
connection to the network over a second interface other than the first interface. 

15. The switch defined in Claim 14 wherein the controller determines that the 
station is attempting to have a second connection to the network by checking memory 
associated with the station to see if the first and second interfaces belong to the station. 

16. The switch defined in Claim 15 further comprising a memory coupled to the 
controller, the memory to store a table with locations indicating interfaces for the station. 

17. The switch defined in Claim 16 wherein the controller checks the memory 
associated with the station to see if the first and second interfaces belong to the station by 
searching the locations in the table to determine if media access control (MAC) addresses of 
the first and second interfaces are listed as belonging to the station. 

18. The switch defined in Claim 14 wherein the controller enforces a security 
policy in response to determining that the station is attempting to connect to the network over 
a second interface other than the first interface. 
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19. The switch defined in Claim 18 wherein the security policy does not permit 
connection to the network through multiple interfaces of the same station, and wherein the 
controller enforces the security policy by denying the second connection to the network. 

20. The switch defined in Claim 19 wherein denying the second connection 
comprises disabling a MAC address associated with the second interface. 

21 . The switch defined in Claim 18 wherein the security policy does not permit 
connection to the network through multiple interfaces of the same station, and wherein the 
controller enforces the security policy by disabling the first connection to the network. 

22. The switch defined in Claim 21 wherein the controller denies the first 
connection by removing a MAC address associated with the first interface from a list of active 
stations. 

23. The switch defined in Claim 18 wherein the security policy does not permit 
connection to the network through multiple interfaces of the same station, and wherein the 
controller enforces the security policy by disabling the first and denying the second 
connections to the network. 

24. The switch defined in Claim 10 wherein the controller disables the first 
connection by removing a MAC address associated with the first interface from a list of active 
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stations and denies the second connection by disabling a second MAC address associated with 
the second interface from becoming listed in a list of active stations. 

25. A method comprising: 

allowing a station to have a set of one or more connections to a network over a first set 
of one or more interfaces; 

determining that the station is attempting to have another connection to the network 
over another interface other than the first set of interfaces; and 

performing an action in response to determining the station is attempting the other 
connection. 
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